Setting Up VPN between ROS Machines
Setting up VPN (Virtual Private Network) between ROS machines
This explanation was found here
Here is a step-by-step procedure for setting up a VPN between different ROS machines:
-
First, install openvpn via your package installation tool (for example, the Ubuntu Software Centre).
-
Now create a set of certificates that are used for authentication. The openvpn package should contain a directory easy-rsa somewhere; on Ubuntu it's in /usr/share/doc/openvpn/examples/easy-rsa. Switch to it, or to one of its subdirectories indicating a version, and source the file vars. Please note that you need to execute all following commands as root because the keys are generated into /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys. If you want to create the keys as a user, you need to copy the whole directory to a place you have write permissions for.
-
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
source vars
-
Then clear all previously generated keys and generate new ones:
./clean-all
./build-ca
./build-key-server server
-
This generates a certificate and a server key. Now you can either generate one key for each client or generate one key and use it for all clients, depending on how secure you want your system to be. To generate a key for the client, execute:
./build-key client
-
Finally you need to generate Diffie Hellman parameters:
./build-dh
-
Now copy everything that's related to the server to /etc/openvpn, the directory we will put the config in:
cp ca.crt ca.key dh1024.pem server.crt server.csr server.key /etc/openvpn
-
Finally, we need to create a config file for the server. Create /etc/openvpn/server.conf by copying (and maybe uncompressing) /usr/share/doc/openvpn/examples/server.conf or server.conf.gz.
-
The default config is based on routing and not bridging, which should be fine for almost all cases. The default config should be fine already, but if you want you can go through it and change some parameters. For instance, you might want to uncomment the parameters client-to-client and duplicate-cn. Test your config by executing openvpn by hand:
-
cd /etc/openvpn
openvpn ./server.conf
If it starts up correctly, you can let the system start up the server at boot time. Not sure how you do that on your system, but on Ubuntu you just edit /etc/default/openvpn and uncomment AUTOSTART="all".
-
Finally, you need a client config. Create a new directory somewhere and copy the files ca.crt, client.crt and client.key that we created during key generation into it. Then create the file client.conf and put the following lines into it:
-
client
dev tap
proto udp
remote <ip or domain of your server>
persist-key
persist-tun
nobind
ca ca.crt
cert client.crt
key client.key
resolv-retry infinite
comp-lzo
verb 3
-
Copy the directory to your client, switch into it and execute as root or with sudo:
openvpn client.conf
-
Now a connection should be established.
-
Please note that you need to set ROS_IP to the IP address of tap0. If you have several machines on the robot's network, you might also need to configure routing into the VPN. Alternatively, you can use a bridged network for the VPN. Please look at the tutorials for instructions to do that.
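An added example, not part of the original guide or of OpenVPN: a small shell check that compares the server.conf and client.conf from the steps above and reports settings that must agree on both ends (dev, proto, comp-lzo), along with duplicate-cn and 1024-bit DH parameters. The function names, the sample configs and the host vpn.example.org are constructed for illustration.

```shell
# Added example: lint an OpenVPN server/client config pair (constructed names).

# ovpn_get KEY FILE: print the first argument of directive KEY ("set" for a
# bare flag), ignoring lines commented out with '#' or ';'.
ovpn_get() {
    awk -v key="$1" '/^[ \t]*[#;]/ { next }
        $1 == key { print (NF > 1 ? $2 : "set"); exit }' "$2"
}

# ovpn_check SERVER_CONF CLIENT_CONF: print one finding per line; return 1 if
# any were printed. The dh size check is a heuristic on the file name.
ovpn_check() {
    findings=""
    for key in dev proto comp-lzo; do
        # tap0/tap and tcp-server/tcp-client are the same type: compare only
        # the leading name, up to the first digit or hyphen.
        s=$(ovpn_get "$key" "$1" | sed 's/[-0-9].*$//')
        c=$(ovpn_get "$key" "$2" | sed 's/[-0-9].*$//')
        if [ "$s" != "$c" ]; then
            findings="${findings}MISMATCH $key: server=${s:-unset} client=${c:-unset}
"
        fi
    done
    if [ -n "$(ovpn_get duplicate-cn "$1")" ]; then
        findings="${findings}WARN duplicate-cn: clients sharing one certificate cannot be revoked individually
"
    fi
    case "$(ovpn_get dh "$1")" in
        *1024*) findings="${findings}WARN dh: 1024-bit Diffie-Hellman parameters are weak
" ;;
    esac
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# ovpn_write_samples DIR: write the constructed sample configs into DIR.
ovpn_write_samples() {
    printf '%s\n' 'port 1194' 'proto udp' ';dev tap' 'dev tun' 'ca ca.crt' \
        'cert server.crt' 'key server.key' 'dh dh1024.pem' \
        'server 10.8.0.0 255.255.255.0' 'duplicate-cn' 'comp-lzo' \
        > "$1/server.conf"
    printf '%s\n' 'client' 'dev tap' 'proto udp' 'remote vpn.example.org' \
        'nobind' 'ca ca.crt' 'cert client.crt' 'key client.key' 'comp-lzo' \
        > "$1/client.conf"
}

demo_dir=$(mktemp -d)
ovpn_write_samples "$demo_dir"
ovpn_check "$demo_dir/server.conf" "$demo_dir/client.conf" || true
rm -rf "$demo_dir"
```

On the constructed samples it reports the dev tun/tap mismatch, duplicate-cn and the 1024-bit DH file; with real files, call ovpn_check with the paths to your own server.conf and client.conf.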
This is the guide that will be followed to create a VPN network. Any errors faced or troubleshooting methods employed will be documented and this page will be modified.